This module exploits a path traversal vulnerability present in the accountID parameter of the doPost method of com.ilient.server.UserEntry class to deploy an agent. The vulnerability is used to upload a WAR file inside a subdirectory of the web server's root directory to deploy an agent. The deployed agent will run with the same privileges than the SysAid webapp.
CVE Link
Exploit Platform
Exploit Type
Product Name